package middleware

import (
	"fmt"
	"go_admin/internal/database/system/model/dto"
	"go_admin/internal/service"
	"go_admin/library/libResponse"

	"github.com/gogf/gf/v2/frame/g"
	"github.com/gogf/gf/v2/net/ghttp"
	"github.com/gogf/gf/v2/text/gstr"
	"github.com/gogf/gf/v2/util/gconv"
)

func init() {
	service.RegisterMiddleware(New())
}

func New() *sMiddleware {
	return &sMiddleware{}

}

type sMiddleware struct{}

func (s *sMiddleware) MiddlewareCORS(r *ghttp.Request) {
	corsOptions := r.Response.DefaultCORSOptions()
	r.Response.CORS(corsOptions)
	r.Middleware.Next()
}

func (s *sMiddleware) MiddlewareGlobalHandlerResponse(r *ghttp.Request) {
	r.Middleware.Next()

	if r.Response.BufferLength() > 0 {
		return
	}

	var (
		msg string
		err = r.GetError()
		res = r.GetHandlerResponse()
	)

	if err != nil {
		msg = err.Error()
		libResponse.FailJson(false, r, msg, nil)
	} else {

		libResponse.SusJson(false, r, "success", res)
	}
}

func (s *sMiddleware) Ctx(r *ghttp.Request) {
	ctx := r.GetCtx()
	data, err := service.Token().ParseToken(r)
	if err != nil {
		r.Middleware.Next()
	}
	if data != nil {
		context := new(dto.Context)
		err = gconv.Struct(data.Data, &context.User)
		if err != nil {
			g.Log().Error(ctx, err)
			r.Middleware.Next()
		}
		service.Context().Init(r, context)
	}
	r.Middleware.Next()
}

func (s *sMiddleware) Auth(r *ghttp.Request) {
	ctx := r.GetCtx()
	adminId := service.Context().GetUserId(ctx)
	accessParams := r.Get("accessParams").Strings()
	accessParamsStr := ""
	if len(accessParams) > 0 && accessParams[0] != "undefined" {
		accessParamsStr = "?" + gstr.Join(accessParams, "&")
	}
	url := gstr.TrimLeft(r.URL.Path, "/") + accessParamsStr
	// 获取无须验证权限的用户ID
	tagSuperAdmin := false
	service.SysUser().NotCheckAuthAdminIds(ctx).Iterator(func(v interface{}) bool {
		if gconv.Uint64(v) == adminId {
			tagSuperAdmin = true
			return false
		}
		return true
	})
	if tagSuperAdmin {
		r.Middleware.Next()
		return
	}
	// 获取地址对应的菜单id
	menuList, err := service.SysAuthRule().GetMenuList(ctx)
	if err != nil {
		g.Log().Error(ctx, err)
		libResponse.FailJson(true, r, "请求菜单数据失败")
	}
	var menu *dto.SysAuthRuleInfoRes
	for _, m := range menuList {
		ms := gstr.SubStr(m.Name, 0, gstr.Pos(m.Name, "?"))
		if m.Name == url || ms == url {
			menu = m
			break
		}
	}

	if menu != nil {
		excludePaths := g.Cfg().MustGet(ctx, "gfToken.excludePaths").Strings()
		for _, p := range excludePaths {
			if gstr.Equal(menu.Name, gstr.TrimLeft(p, "/")) {
				r.Middleware.Next()
				return
			}
		}
		if gstr.Equal(menu.Condition, "nocheck") {
			r.Middleware.Next()
			return
		}
		menuId := menu.Id
		if menuId != 0 {
			enforcer, err := service.CasbinEnforcer(ctx)
			if err != nil {
				g.Log().Error(ctx, err)
				libResponse.FailJson(true, r, "获取权限失败")
			}
			hasAccess := false
			hasAccess, err = enforcer.Enforce(fmt.Sprintf("%s%d", service.SysUser().GetCasBinUserPrefix(), adminId), gconv.String(menuId), "All")
			if err != nil {
				g.Log().Error(ctx, err)
				libResponse.FailJson(true, r, "判断权限失败")
			}
			if !hasAccess {
				libResponse.FailJson(true, r, "没有权限访问")
			}
		}
	} else if accessParamsStr != "" {
		libResponse.FailJson(true, r, "没有权限访问")
	}
	r.Middleware.Next()
}
